CVE-2023-37268

Опубликовано: 14 июл. 2023

Источник: nvd

CVSS3: 6.4

CVSS3: 8.8

EPSS Низкий

Описание

Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as an other user. Any user account which does not have a second factor enabled could be compromised. This issue has been addressed in commit 8173f6512a and in releases starting with version 0.7.3. Users are advised to upgrade. Users unable to upgrade should require their users to use a second factor in authentication.

Ссылки

https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e
Patch
https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4
Vendor Advisory
https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e
Patch
https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:warpgate_project:warpgate:0.7.2:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00166

Низкий

6.4 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-287

EPSS

Процентиль: 38%

0.00166

Низкий

6.4 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-287